[Snort-users] Verifying Snort rules are updating?

James Lay jlay at ...13475...
Thu Jun 26 16:42:45 EDT 2014


On 2014-06-26 14:34, Jeff Meigs wrote:
> Hello everyone,
>
> We used to pull the rules using our own script but now we switched to
> using pulled pork. It seems the way it's set up now with pulled pork is
> it dumps everything into that single file.
>
> How are some of you verifying snort is running every day?
>
> We have a report that used to tell us the file dates so we knew it was
> being updated. Anyone have any other methods?
>
> Thanks,
>
> JEFFREY MEIGS
>
> JUNIOR PROGRAMMER
>
> SUNWEST ECU
>
> JMEIGS at ...16882...

I get a report every weekday:

#!/bin/bash
# Run pulledpork and mail its output as the weekday report
/usr/local/bin/pulledpork.pl -l -c /etc/snort/pulledpork/pulledpork.conf 2>&1 | \
  /usr/local/bin/sendEmail -f mailhost.ick -t me at ...16883... -u "Pulledpork Weekday Report"

# Restart Snort after the update
/etc/rc.d/rc.snort stop
sleep 1
/etc/rc.d/rc.snort start

James
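
One way to keep the file-date check from the original question now that everything lands in a single rules file, as an added example that is not part of either poster's message. The function names, the 26-hour default and the rules file path passed as an argument are assumptions for illustration; the check also counts enabled rules so that a freshly written but empty file is not reported as healthy.

```bash
#!/bin/bash
# Added example: freshness check for the single combined rules file.
# Usage (path is an assumption, use your own): check.sh /path/to/snort.rules [max_age_minutes]

# count_rules FILE: number of enabled (uncommented) rule lines.
count_rules() {
    grep -cE '^[[:space:]]*(alert|log|pass|drop|reject|sdrop)[[:space:]]' "$1"
}

# check_rules FILE MAX_AGE_MIN: prints one status line.
# Returns 0 if fresh and populated, 1 if stale, 2 if missing or without rules.
check_rules() {
    local file="$1" max_age="$2" n
    if [ ! -s "$file" ]; then
        echo "CRITICAL: $file is missing or empty"
        return 2
    fi
    # grep -c exits non-zero when the count is 0, so do not treat that as an error.
    n=$(count_rules "$file") || true
    n=${n:-0}
    if [ "$n" -eq 0 ]; then
        echo "CRITICAL: $file contains no enabled rules"
        return 2
    fi
    # find prints the path only when the mtime is older than max_age minutes.
    if [ -n "$(find "$file" -mmin +"$max_age" -print)" ]; then
        echo "WARNING: $file not modified in the last $max_age minutes ($n enabled rules)"
        return 1
    fi
    echo "OK: $file modified within the last $max_age minutes ($n enabled rules)"
    return 0
}

# Run only when a rules file is given; default threshold is 26 hours (assumed).
if [ "$#" -gt 0 ]; then
    check_rules "$1" "${2:-1560}"
fi
```

The status line can be appended to the same mailed report, and the exit code lets cron or a monitoring agent flag a missed update.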




